nuclei-templates/http/exposures/configs/zend-config-file.yaml

47 lines
1.5 KiB
YAML

id: zend-config-file
info:
name: Zend Configuration File
author: pdteam,geeknik,Akokonunes
severity: high
description: Zend configuration file was exposed.
metadata:
max-request: 13
tags: config,exposure,zend,php
http:
- method: GET
path:
- "{{BaseURL}}/application/configs/application.ini"
- "{{BaseURL}}/admin/configs/application.ini"
- "{{BaseURL}}/application.ini"
- "{{BaseURL}}/aplicacao/application/configs/application.ini"
- "{{BaseURL}}/cloudexp/application/configs/application.ini"
- "{{BaseURL}}/cms/application/configs/application.ini"
- "{{BaseURL}}/moto/application/configs/application.ini"
- "{{BaseURL}}/Partners/application/configs/application.ini"
- "{{BaseURL}}/radio/application/configs/application.ini"
- "{{BaseURL}}/seminovos/application/configs/application.ini"
- "{{BaseURL}}/shop/application/configs/application.ini"
- "{{BaseURL}}/site_cg/application/configs/application.ini"
- "{{BaseURL}}/slr/application/configs/application.ini"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "db.*(.password).*="
- "db.*(.username).*="
condition: and
- type: word
words:
- "text/plain"
part: header
- type: status
status:
- 200
# digest: 4a0a0047304502207299fd92870b600690b62dac52985838e4bbf93bef00fdbad3648de0ce6ee1d4022100abb13ccb70d68451cff75389fedd7cf8a8cca19c2c9de05894e433102fd270b0:922c64590222798bb761d5b6d8e72950